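This post continues from the previous one.
When we access /oauth/token, the request first passes through BasicAuthenticationFilter and only afterwards reaches TokenEndpoint.
Figure 1
The doFilter method of org.springframework.security.web.authentication.www.BasicAuthenticationFilter calls doFilterInternal, shown in List-1 below. It reads the Authorization field from the request headers and hands the credentials to the authenticationManager for processing.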
List-1
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    boolean debug = this.logger.isDebugEnabled();
    // Only requests carrying "Authorization: Basic ..." are handled here
    String header = request.getHeader("Authorization");
    if (header != null && header.startsWith("Basic ")) {
        try {
            // Base64-decode the header value and split it into username and password
            String[] tokens = this.extractAndDecodeHeader(header, request);
            assert tokens.length == 2;
            String username = tokens[0];
            if (debug) {
                this.logger.debug("Basic Authentication Authorization header found for user '" + username + "'");
            }
            if (this.authenticationIsRequired(username)) {
                // Wrap the credentials in an unauthenticated token and delegate to the AuthenticationManager
                UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, tokens[1]);
                authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
                Authentication authResult = this.authenticationManager.authenticate(authRequest);
                if (debug) {
                    this.logger.debug("Authentication success: " + authResult);
                }
                // ... (the rest of the method is not shown on this page)
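The header handling that List-1 depends on, as an added example that is not from the original post or from Spring Security's source: a stand-alone Java class that decodes an `Authorization: Basic` value into the two tokens the filter expects and rejects malformed input. The class name `BasicHeaderDemo`, its methods and the sample credentials are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicHeaderDemo {

    // Hypothetical helper: splits "Basic <base64(username:password)>" into {username, password}.
    static String[] decodeBasicHeader(String header) {
        if (header == null || !header.startsWith("Basic ")) {
            throw new IllegalArgumentException("not a Basic Authorization header");
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("token is not valid Base64", e);
        }
        String token = new String(decoded, StandardCharsets.UTF_8);
        // Split at the FIRST colon only, so a password may itself contain ':'.
        int delim = token.indexOf(':');
        if (delim == -1) {
            throw new IllegalArgumentException("token has no ':' separator");
        }
        return new String[] { token.substring(0, delim), token.substring(delim + 1) };
    }

    // Builds a header value the way an HTTP client would (Base64 is encoding, not encryption).
    static String encode(String raw) {
        return "Basic " + Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the page.
        String[] samples = {
            encode("demo-client:demo-secret"),
            encode("demo-client:se:cret"),   // password containing ':'
            encode("no-separator"),          // decodes, but has no delimiter
            "Basic %%%not-base64%%%",        // illegal Base64 characters
        };
        for (String h : samples) {
            try {
                String[] t = decodeBasicHeader(h);
                // Log the username only, never the password (List-1 does the same).
                System.out.println("username=" + t[0] + " passwordLength=" + t[1].length());
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```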
Source: oschina
Link: https://my.oschina.net/u/2518341/blog/3020109